TECHZONE™


TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

598 subscribers
Post archive
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming) https://thehackernews.com/2026/04/3-reasons-attackers-are-using-your.html For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising alarms. Most

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 https://thehackernews.com/2026/04/google-attributes-axios-npm-supply.html Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), told The Hacker News in a statement. "North Korean

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms https://thehackernews.com/2026/04/claude-code-tleaked-via-npm-packaging.html Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement shared with CNBC News. "This was a release packaging issue caused by human error, not a security

This month in security with Tony Anscombe – March 2026 edition https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-march-2026/ The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan

Android Developer Verification Rollout Begins Ahead of September Enforcement https://thehackernews.com/2026/03/android-developer-verification-rollout.html Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesia, Singapore, and Thailand this September, before it expands globally next year. As part of this

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks https://thehackernews.com/2026/03/trueconf-zero-day-exploited-in-attacks.html A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to distribute a tampered update,

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts https://thehackernews.com/2026/03/vertex-ai-vulnerability-exposes-google.html Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment. According to Palo Alto Networks Unit 42, the issue relates to how the Vertex AI permission model can be misused

The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority https://thehackernews.com/2026/03/the-ai-arms-race-why-unified-exposure.html The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining challenge of the new era of digital warfare: the weaponization of Artificial Intelligence. Threat actors

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains https://thehackernews.com/2026/03/silver-fox-expands-asia-cyber-campaign.html Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. "The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4 of Axios have been found to inject "plain-crypto-js" version 4.2.1 as a fake dependency. According to StepSecurity, the two versions were published using the compromised npm credentials of the primary Axios

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content," the cybersecurity company said in

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials https://thehackernews.com/2026/03/deepload-malware-uses-clickfix-and-wmi.html A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked," ReliaQuest researchers Thassanai

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More https://thehackernews.com/2026/03/weekly-recap-telecom-sleeper-cells-llm.html Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There's a bit of everything this week. Persistence plays, legal wins, influence ops, and at least one thing that looks boring

3 SOC Process Fixes That Unlock Tier 1 Productivity https://thehackernews.com/2026/03/3-soc-process-fixes-that-unlock-tier-1.html What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary escalations, and improve how the entire SOC responds under pressure

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs https://thehackernews.com/2026/03/the-state-of-secrets-sprawl-2026-9.html Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded. This year's findings reveal three core trends: AI has

Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels https://thehackernews.com/2026/03/russian-ctrl-toolkit-delivered-via.html Cybersecurity researchers have discovered a remote access toolkit of Russian origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling

Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign https://thehackernews.com/2026/03/three-china-linked-clusters-target.html Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack https://thehackernews.com/2026/03/iran-linked-hackers-breach-fbi.html Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel "will now find his name among the list of successfully hacked victims." In a statement

RSAC 2026 wrap-up – Week in security with Tony Anscombe https://www.welivesecurity.com/en/videos/rsac-2026-wrap-up-week-security-tony-anscombe/ This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug https://thehackernews.com/2026/03/citrix-netscaler-under-active-recon-for.html A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per